DETAILED ACTION

Response to Arguments 

1. In response to communications filed on 3/10/2005, for request to continue examination, 
applicant amends claims 1, 14, 23, and 27. The following claims 1-31 are presented for 
examination. 

2. Applicant's arguments, see page 9, filed on 3/10/2005, with respect to the rejection of 
claims 1-31, under 35 USC 103 (a) have been fully considered and they are persuasive as 
amended. Applicant has amended the independent claims 1, 14, 23, and 27 to further limit the 
claimed invention. However, upon further consideration, a new ground of rejection is made. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

3.1 Claims 1-3, 7-8, 9-17, and 20-28 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US Patent 6,401,125 to Makarios et al in view of US Patent 6,401,125 to 
Green et al. 

3.2 As per claims 1, 14-17, Makarios et al substantially teaches a method for brokering 
state information exchanged between computers using at least one protocol above a transport 
layer, the method comprising the steps of receiving at a proxy a request from a client requesting 
a resource of an origin server wherein the transparent proxy is unknown to the client (column 4,
lines 53-56); the proxy disclosed meets the recitation of transparent proxy, as the proxy is
unknown to the client as the client sends the URL directly to a server. Makarios et al discloses
redirecting the client request from the proxy to a signup web page with an address that meets the 
recitation of policy module with identifier of claim 14 (column 4, lines 51-53 and column 5, lines 
10-15); obtaining enforcement data provided by the policy module (column 5, lines 15-27 and 
column 3, lines 1-10); a proxy cookie is generated in response to login information of the user 
and transmitting to the user to use as an authentication for further interactions with the proxy that 
meets the recitation of generating at the proxy a policy state token in response to the policy 
enforcement data (column 5, lines 19-51); and transmitting the policy state token from the proxy 
to the client wherein the policy state token is used as an authentication of the client to the 
transparent proxy for subsequent interactions between the client and the transparent proxy. 
Although Makarios et al discloses the claimed method steps of claim 1, Makarios et al does 
not provide enough details on the architecture implemented in the invention. Green et al in an 
analogous art teaches a memory configured at least in part by a transparent proxy process, a 
processor for running the transparent proxy process, (see figure 1) at least one link for networked
communication between the transparent proxy process, on the one hand, and a client computer 
and an origin server, on the other hand, for example (see figures 2 and 3); Green et al further 
teaches a secure transparent proxy that is transparent to both a client and a server (column 9, 
lines 5-12) and transmitting packets in accordance with a defined security policy (column 5, lines 
25-30) having a security module to verify whether to grant or deny access to proxy services 
(column 7, line 48 through column 8, line 25 and column 9, line 12-55). Therefore, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to
combine the invention of Makarios et al with the inventive concept of Green et al to provide 
more security and more versatility. One skilled in the art would have been motivated to 
combine both references because the proxy disclosed by Green et al provides more security and 
more versatility and it is associated with policy module that allows the proxy to use any defined 
protocols in accordance to defined security policy and provides transparency wherein no devices 
need to change any configuration information (column 9, lines 11-60).

As per claims 2-3, Makarios et al discloses the limitation of receiving at the proxy a 
renewed request for the origin server resource, the renewed request containing the policy state 
token, wherein the renewed request contains the policy state token in a cookie in a header sent 
from the client to the proxy, for example (column 5, lines 25-32). 

As per claims 7-8, Makarios et al teaches the limitation of wherein HTTP or HTTPS is
a protocol used during at least one of the receiving and transmitting steps (column 3, lines 30- 
67). 

As per claim 10, the combination of Makarios et al and Green et al teaches directory 
access protocol for authentication of client that meets the recitation of utilizing LDAP as a
software to provide authentication information about the client and the transparent policy 
enforcement data obtained by the transparent proxy depends on the authentication thus provided 
(Green et al, column 9, lines 12-47). Therefore, claim 10 is rejected on the same rationale as the 
rejection of claim 1.

Claims 9 and 11 are similar to the rejected claim 10 except for utilizing Novell 
Directory Services and SSL software respectively instead of LDAP. Green et al discloses other 
directory service protocols and any protocols used in X400's X500's. Therefore using NDS or 
SSL would have been obvious to one skilled in the art, as these protocols are well known.
Therefore, claims 9 and 11 are rejected on the same rationale as the rejection of claim 1.

As per claim 12, Makarios et al. teaches the limitation of wherein the obtaining step 
extracts policy enforcement data from a redirection address field (see column 3, lines 1-10). 

As per claim 13, Makarios et al. teaches the limitation of wherein the transmitting step
transmits the policy state token in a cookie in a header sent from the proxy to the client (column 
10-32). 

As per claims 20-22, claim 20 adds another proxy with similar limitations as the rejected 
claim 14. To one with ordinary skill in the art, the network can comprise any number of
clients and servers and adding more than one proxy to share some of the functions would have 
been a design choice and obvious to one skilled in the art because assigning proxies to handle 
specific functions or protocols is well known in the art. 

Claims 23 and 28 recite some of the limitations found in claim 1 except for 
implementing the claimed method in a computer system and for using a first signal including a 
redirection command which specifies the policy module address as a redirection target (see 
Makarios et al, column 5, lines 10-25); and a second signal including a redirection command 
which specifies the transparent proxy server address as a redirection target (Makarios et al, 
column 5, lines 30-32). Makarios et al discloses a signup web page with an address that meets 
the recitation of policy module address. Claims 23 and 28 are rejected on the same rationale as 
the rejection of claim 1.

As per claim 24, Makarios et al teaches the limitation of wherein the first signal 
includes an identity broker address as the policy module address (see column 5, lines 10-25). 

As per claim 25, Makarios et al teaches the limitation of wherein the first signal
includes a login server address as the policy module address (see column 5, lines 10-25). 

As per claim 26, Makarios et al teaches the limitation of wherein the second signal 
includes the policy enforcement data embedded in an address field with the transparent proxy 
server address (see column 5, lines 10-25). 

Claim 27 is similar to the rejected claim 1, except for incorporating the claimed method
of claim 1 into a computer medium. Therefore, claim 27 is rejected on the same rationale as the 
rejection of claim 1. 

4. Claims 4, 6, 18, 19, 29, and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent 6,401,125 to Makarios et al in view of US Patent 6,401,125 to Green et al as 
applied to claims 1-3 above and further in view of US Patent Publication US 2002/0007317 to
Callaghan et al. 

As per claim 4, Makarios et al discloses stripping in the proxy cookie to customize the 
client's information request as appropriate to the server (column 3, lines 1-10). Callaghan et al. 
in an analogous art teaches the step of forwarding to the origin server a portion of the renewed 
request, the forwarded portion omitting the policy state token (see page 6, paragraphs 88-90). 
Callaghan et al. further teaches in other embodiments the step of stripping off the state token 
(see page 4, paragraph 61 and page 5, paragraph 81). Therefore, it would have been obvious to
one of ordinary skill in the art at the time the invention was made to modify the method as
combined above to omit the policy state token when forwarding the request to server. One 
skilled in the art would have been motivated to do so because by omitting the policy state token 
the proxy can maintain the proxy cookie information secret to the server. The other advantage of 
adding and omitting state information as disclosed by Callaghan et al is that it enables a proxy 
to customize request and response as it fits to the proxy (page 4, paragraphs 61-62). 

As per claim 6, Callaghan et al. teaches further comprising the steps at the proxy of 
forwarding to the client at least a portion of a communication from the origin server, and 
forwarding to the origin server at least a portion of a communication from the client (page 5, 
paragraphs 81-82). Therefore claim 6 is rejected on the same rationale as the rejection of claim 
4. 

Claim 18 recites some of the limitations of claims 1 and 4 as discussed above. For 
instance, Green et al discloses transparent proxy service that is transparent to both client and 
server, the combined references above also teach the step of accepting the authorization from the 
client with a renewed client request for the origin server resource; forwarding the renewed client 
request to the origin server without forwarding the authorization but with an indication to the 
origin server that the transparent proxy server is the source of the forwarded request, and then 
transparently forwarding the requested resource from the origin server to the client as mentioned 
in claims 1 and 4. Therefore claim 18 is rejected on the same rationale as the rejection of claims 
1 and 4. 

As per claim 19, Makarios et al teaches the limitation of wherein the transparent proxy
server sends the client the authorization by sending the client a proxy cookie for use in 
subsequent communications from the client, for example (see column 5, lines 19-51). 

Claims 29 and 30 recite some of the limitations found in claim 18, therefore they are 
rejected on the same rationale as the rejection of claim 18. 

5. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,401,125 to Makarios et al in view of US Patent 6,401,125 to Green et al, in view of US 
Patent Publication US 2002/0007317 to Callaghan et al as applied to claim 4 above and further
in view of US Patent 5,805,803 to Birrell et al.

As per claim 5, Makarios et al discloses an example of reply containing an origin state 
token for use by the proxy in its subsequent communications with a (column 5, lines 55-65). It is 
obvious to one skilled to the art that the same concept can be applied in the server side (see 
figure 2) as the proxy is capable of saving the cookie for future interactions with the server. 
Green et al discloses transparency with both the server and the client and discloses interaction 
between the proxy and the server (column 11, lines 5-17). Birrell et al. in an analogous art
discloses receiving at the proxy a reply from the origin server, the reply containing an origin 
state token for use by the proxy in its subsequent communications with the origin server, for 
example (see column 4, lines 51-65). Therefore, it would have been obvious to one of ordinary
skill in the art at the time the invention was made to modify the method as combined above to
include the step of receiving at the proxy a reply from the origin server, the reply containing an 
origin state token for use by the proxy in its subsequent communications with the origin server. 
One skilled in the art would have been motivated to do so because using the origin state token for 
use by the proxy in its subsequent communications with the origin server will allow the proxy to 
save in time and bandwidth if the server is already known to the server rather than authenticating 
at every session (column 4, lines 51-65 and 13-26). 

6. Claim 31 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,401,125 to Makarios et al in view of US Patent 6,401,125 to Green et al as applied to claim 
27 above and further in view of US Patent Publication US Patent 6,728,884 to Lim 

As per claim 31, both references substantially teach the step of generating at the proxy a 
policy state token in response to the policy enforcement data (Makarios et al, column 5, lines 
19-51); transmitting the policy state token from the proxy to the client (Makarios et al, column 
5, lines 19-51); receiving the proxy cookie from the client with a renewed client request for the 
origin server resource (Makarios et al, column 5, lines 19-51), and redirecting client request 
from a transparent proxy to a policy module and accepting the policy enforcement data 
(Makarios et al, column 5, lines 19-51). Neither of the references explicitly teach redirecting a 
request from a second transparent proxy to be to, and accepting the policy enforcement data at 
the second transparent proxy. To a person skilled in the art it is apparent that the proxy disclosed 
by the combined references above can be implemented in more than one computer to obtain a 
second transparent proxy that will perform the same function. Load balancing is well known in
the art; and in load balancing, another transparent proxy or gateway can perform a specific 
function when the first one is not available. Lim in an analogous art teaches a plurality of proxy 
servers associated with several security modules to control and provide access to resources 
(column 3, lines 40-57). Lim discloses proxy configuration data that specifies the configuration 
of each proxy servers; the proxy configuration data specifies whether a particular proxy security 
server provides authorization services (column 6, line 65 through column 7, line 5) and discloses 
request can be received by a specific proxy server since the request may include data that 
indicates which proxy servers to use and further discloses proxy server requests security module 
(column 5, lines 60-67 and column 6, lines 15-20); a returned cookie is required for access to 
resources (column 6, lines 34-35) and further discloses that not all the proxies may provide the 
same set of services a service may be available for a specific service while another server 
provides that particular service (column 8, lines 59-67) that meets the recitation of accepting at 
the second transparent proxy the second policy enforcement data provided by the policy module, 
the second policy enforcement data including authorization from the policy module for the client 
to access the resource through the second transparent proxy. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify the
method as combined above to include a second transparent proxy where a request can be 
received after the first proxy becomes unavailable and accepting at a second proxy policy 
enforcement data from policy module for authorization to access resources as suggested by Lim. 
One skilled in the art would have been motivated to utilize more than one proxy because it 
provides the advantage of governing access to more information resources and selective proxies 
can be assigned to specific security policies and if there is a need for reconfiguration other
proxies will be available (see column 2, lines 27-36) as suggested by Lim. 



examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 